diff options
Diffstat (limited to 'contrib/solaris/buildpkg.sh')
-rwxr-xr-x | contrib/solaris/buildpkg.sh | 67 |
1 files changed, 37 insertions, 30 deletions
diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh index c41b3f963..29d096306 100755 --- a/contrib/solaris/buildpkg.sh +++ b/contrib/solaris/buildpkg.sh | |||
@@ -5,7 +5,7 @@ | |||
5 | # The following code has been provide under Public Domain License. I really | 5 | # The following code has been provide under Public Domain License. I really |
6 | # don't care what you use it for. Just as long as you don't complain to me | 6 | # don't care what you use it for. Just as long as you don't complain to me |
7 | # nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) | 7 | # nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) |
8 | # | 8 | # |
9 | umask 022 | 9 | umask 022 |
10 | # | 10 | # |
11 | # Options for building the package | 11 | # Options for building the package |
@@ -13,7 +13,7 @@ umask 022 | |||
13 | # | 13 | # |
14 | # uncommenting TEST_DIR and using | 14 | # uncommenting TEST_DIR and using |
15 | # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty | 15 | # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty |
16 | # and | 16 | # and |
17 | # PKGNAME=tOpenSSH should allow testing a package without interfering | 17 | # PKGNAME=tOpenSSH should allow testing a package without interfering |
18 | # with a real OpenSSH package on a system. This is not needed on systems | 18 | # with a real OpenSSH package on a system. This is not needed on systems |
19 | # that support the -R option to pkgadd. | 19 | # that support the -R option to pkgadd. |
@@ -23,9 +23,10 @@ SYSVINIT_NAME=opensshd | |||
23 | MAKE=${MAKE:="make"} | 23 | MAKE=${MAKE:="make"} |
24 | SSHDUID=67 # Default privsep uid | 24 | SSHDUID=67 # Default privsep uid |
25 | SSHDGID=67 # Default privsep gid | 25 | SSHDGID=67 # Default privsep gid |
26 | # uncomment these next two as needed | 26 | # uncomment these next three as needed |
27 | #PERMIT_ROOT_LOGIN=no | 27 | #PERMIT_ROOT_LOGIN=no |
28 | #X11_FORWARDING=yes | 28 | #X11_FORWARDING=yes |
29 | #USR_LOCAL_IS_SYMLINK=yes | ||
29 | # list of system directories we do NOT want to change owner/group/perms | 30 | # list of system directories we do NOT want to change owner/group/perms |
30 | # when installing our package | 31 | # when installing our package |
31 | SYSTEM_DIR="/etc \ | 32 | SYSTEM_DIR="/etc \ |
@@ -81,7 +82,7 @@ export PATH | |||
81 | # we will look for config.local to override the above options | 82 | # we will look for config.local to override the above options |
82 | [ -s ./config.local ] && . ./config.local | 83 | [ -s ./config.local ] && . ./config.local |
83 | 84 | ||
84 | ## Start by faking root install | 85 | ## Start by faking root install |
85 | echo "Faking root install..." | 86 | echo "Faking root install..." |
86 | START=`pwd` | 87 | START=`pwd` |
87 | OPENSSHD_IN=`dirname $0`/opensshd.in | 88 | OPENSSHD_IN=`dirname $0`/opensshd.in |
@@ -98,20 +99,20 @@ fi | |||
98 | ## Fill in some details, like prefix and sysconfdir | 99 | ## Fill in some details, like prefix and sysconfdir |
99 | for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir | 100 | for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir |
100 | do | 101 | do |
101 | eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` | 102 | eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` |
102 | done | 103 | done |
103 | 104 | ||
104 | 105 | ||
105 | ## Collect value of privsep user | 106 | ## Collect value of privsep user |
106 | for confvar in SSH_PRIVSEP_USER | 107 | for confvar in SSH_PRIVSEP_USER |
107 | do | 108 | do |
108 | eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` | 109 | eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` |
109 | done | 110 | done |
110 | 111 | ||
111 | ## Set privsep defaults if not defined | 112 | ## Set privsep defaults if not defined |
112 | if [ -z "$SSH_PRIVSEP_USER" ] | 113 | if [ -z "$SSH_PRIVSEP_USER" ] |
113 | then | 114 | then |
114 | SSH_PRIVSEP_USER=sshd | 115 | SSH_PRIVSEP_USER=sshd |
115 | fi | 116 | fi |
116 | 117 | ||
117 | ## Extract common info requires for the 'info' part of the package. | 118 | ## Extract common info requires for the 'info' part of the package. |
@@ -243,16 +244,16 @@ fi | |||
243 | 244 | ||
244 | if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null | 245 | if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null |
245 | then | 246 | then |
246 | echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" | 247 | echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" |
247 | echo "or group." | 248 | echo "or group." |
248 | else | 249 | else |
249 | echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." | 250 | echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." |
250 | 251 | ||
251 | # create group if required | 252 | # create group if required |
252 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | 253 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null |
253 | then | 254 | then |
254 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." | 255 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." |
255 | else | 256 | else |
256 | # Use gid of 67 if possible | 257 | # Use gid of 67 if possible |
257 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null | 258 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null |
258 | then | 259 | then |
@@ -260,15 +261,15 @@ else | |||
260 | else | 261 | else |
261 | sshdgid="-g $SSHDGID" | 262 | sshdgid="-g $SSHDGID" |
262 | fi | 263 | fi |
263 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." | 264 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." |
264 | \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER | 265 | \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER |
265 | fi | 266 | fi |
266 | 267 | ||
267 | # Create user if required | 268 | # Create user if required |
268 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | 269 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null |
269 | then | 270 | then |
270 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." | 271 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." |
271 | else | 272 | else |
272 | # Use uid of 67 if possible | 273 | # Use uid of 67 if possible |
273 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null | 274 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null |
274 | then | 275 | then |
@@ -276,10 +277,10 @@ else | |||
276 | else | 277 | else |
277 | sshduid="-u $SSHDUID" | 278 | sshduid="-u $SSHDUID" |
278 | fi | 279 | fi |
279 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." | 280 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." |
280 | \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER | 281 | \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER |
281 | \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER | 282 | \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER |
282 | fi | 283 | fi |
283 | fi | 284 | fi |
284 | 285 | ||
285 | [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start | 286 | [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start |
@@ -358,18 +359,24 @@ cat >mk-proto.awk << _EOF | |||
358 | BEGIN { print "i pkginfo"; print "i preinstall"; \\ | 359 | BEGIN { print "i pkginfo"; print "i preinstall"; \\ |
359 | print "i postinstall"; print "i preremove"; \\ | 360 | print "i postinstall"; print "i preremove"; \\ |
360 | print "i request"; print "i space"; \\ | 361 | print "i request"; print "i space"; \\ |
361 | split("$SYSTEM_DIR",sys_files); } | 362 | split("$SYSTEM_DIR",sys_files); } |
362 | { | 363 | { |
363 | for (dir in sys_files) { if ( \$3 != sys_files[dir] ) | 364 | for (dir in sys_files) { if ( \$3 != sys_files[dir] ) |
364 | { \$5="root"; \$6="sys"; } | 365 | { \$5="root"; \$6="sys"; } |
365 | else | 366 | else |
366 | { \$4="?"; \$5="?"; \$6="?"; break;} | 367 | { \$4="?"; \$5="?"; \$6="?"; break;} |
367 | } } | 368 | } } |
368 | { print; } | 369 | { print; } |
369 | _EOF | 370 | _EOF |
370 | find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \ | 371 | find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \ |
371 | pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype | 372 | pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype |
372 | 373 | ||
374 | # /usr/local is a symlink on some systems | ||
375 | [ "${USR_LOCAL_IS_SYMLINK}" = yes ] && { | ||
376 | grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new | ||
377 | mv prototype.new prototype | ||
378 | } | ||
379 | |||
373 | ## Step back a directory and now build the package. | 380 | ## Step back a directory and now build the package. |
374 | echo "Building package.." | 381 | echo "Building package.." |
375 | cd .. | 382 | cd .. |